Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimizedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.Please attach extra.txt to your post.To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, andcopy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

A:Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Hi Henry

Disable SpySweeper's realtime protection. Open Spysweeper and click on Options Choose Program Options and uncheck
load at windows
startup
. On the left click
shields
and then uncheck everything. Uncheck
home page shield
. Uncheck
automatically restore default without notification
. Exit the program.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

1. Download combofix at http://www.techsupportforum.com/sect...s/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe Save it to your Desktop before you run it.2. Double-click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply.

Note:Do not click on combofix's window while it's running. That may cause it to stall.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimizedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.Please attach extra.txt to your post.To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, andcopy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

I have a similar problem to what I have read from other users in this forum however my desktop has been turned into a white background and the popup has a red background header below the red header in the popup it claims quot computer!" Popup Spyware "Warning! on your New detected version Warning Win Adware Virtumonde Detected on your computer quot and quot Warning Win PrivacyRemover M Detected on your computer quot This began yesterday while I was working online I purchased a cd and installed Webroot Spysweeper but it only found low risk cookies I tried an online trial version of XoftSpySE and it found two trojans Downloader Agent BXW Trojan but it Popup "Warning! Spyware detected on your computer!" New version won't clean them unless I purchase the full version I would but I'm afraid to disclose personal financial info online in order to purchase the full version I did the same thing for quot Registry Fix quot Version but I can't remove the found problems without registering online - I don't want to do that either for fear my personal financial info will be exposed If I Popup "Warning! Spyware detected on your computer!" New version try to open any file folder on my desktop I get a Windows popup that says Windows Explorer has encountered a problem and Popup "Warning! Spyware detected on your computer!" New version needs to close I can open the two or three files on my desktop that are files - not folders - however they are just doc files or similar If I try to access my Control Panel nothing happens MOST IMPORTANT I have read your quot Start Here quot posts and cannot complete some of your instructions If I try to go online to download a version of anti-spyware software I get redirected to another quot search engine quot page or a window comes up asking me to identify what I was trying to search for it opens with a window of phrases in a blurred background I am asked to click on one of the phrases if one of the phrases matches what I was searching for Regardless of many different attempts to get around this it appears as though I can't go to any site for anti-spyware or anti-virus sites I can go to Yahoo and other inoccuous sites but not to places like Lavasoft - I get redirected immediately Somehow I was able to get XoftSpySE and Registry Fix but I can't even get to your site without a new window opening and another site opens that claims to be copyrighted quot www anticipatesavings com quot it lists ten sites for tech support - none of which are yours Also if the laptop is left idle for a few minutes the screen changes to a blue background with a text message across the entire screen that informs me the computer is being closed due to either one of the following quot No more stack IRP locations quot quot Maximum wait objects exceeded quot quot Panic stack switch quot I am running Win XP on an HP Tablet I use Firefox It has a non-functioning version of McAfee that has never been repaired reinstalled In essence other than my firewall I have been running without much protection except for the Windows Defender program Obviously I am very frustrated and would greatly appreciate your help advice Thanks in advance New info I don't know any reason but I can now access my Control Panel and I can get to any file or program that resides on my desktop

A:Popup "Warning! Spyware detected on your computer!" New version

I was given a bootable Kaspersky "rescue" cd today. I ran the disc and, after it did whatever it does, a black screen with a window opened. It was an operational window, so I chose "Scan drive c" and it returned with a message that my computer was at high risk. I clicked the "Fix-it Now", but it said the "databases were out of date" and should be updated. OK... however, there was no button or other mechanism to do this. I removed the cd and rebooted the computer. I am right where I was before.

I cannot go online to any anti-spy or anti-virus sites. It appears as though this virus recognizes those sites and prohibits me from going there. I typically get a messsage that reads, "Unable to connect." with a "Try again" button. I can't even go to this website!! I have to use my wife's computer to login here.

By the way, this is a problem on Firefox or IE. I can go to other sites, though. Yahoo, google, online stores, etc are accessible, but the desktop background is still hijacked and I have the same desktop warning window.

Remember... I can't remove it via any help from an online anti-spy or anti-virus site. If I try to access an anti-spy or antivirus site, I get the response as noted above. Unfortunately, this means I am not able to get past Step Two in your "5 steps before posting a log" thread. I did not find any rogue or suspect programs listed in step one.

It has been 24 hours with no help from anyone here. Can anyone help or point me in some direction?

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):Code:[b]C:\WINDOWS\system32\lphcrtwj0eva5.exe[/b]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download Malwarebytes Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform Quick Scan, then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy the entire report and paste it in your next reply with a new hijackthis log. Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Don't Panic! The HJT Support Team are very proficient with these sorts of things.

With that said, we recommend that you read this article… "IMPORTANT - 5 Step Process: Read This Before Posting For Malware Removal Help"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

After your system has been verified as clean, if your are still experiencing those problems come back here and we will assist you further.

Hello my name is Devon Spyware blue detected computer!" Wallpaper "Warning! your on and im fairly new to computers so I probably wont understand most quot big computer words quot if you know what I mean Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer That is my wallpaper and I can't change it It's in a yellow box blue "Warning! Spyware detected on your computer!" Wallpaper on a blue background blue "Warning! Spyware detected on your computer!" Wallpaper and in my Desktop Properties theres no wallpaper tab so I cannot change it Screenshot http i tinypic com nveccg jpg Sorry if not allowed I'm sure you've seen it before I have an emachines computer service pack Windows XP I have Avira AntiVir Personal free antivirus and I scanned the systems folder found some viruses and deleted them but still no luck ANY HELP IS VERY MUCH APPRECIATED Mod s Message Please note that this section of the forum is very busy and re-familiarize yourself with the Bumping Rules found in Step of our sticky topic Important - Please Read This Before Posting for Malware Removal Help which you should have read before posting We ask that no one bump a thread before hrs have passed and then only once Premature bump posts will be deleted Thanks for understanding

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.Double click RSIT.exe to start the tool and click Continue at the disclaimer.When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.Please attach info.txt to your post.To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, andcopy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Since it has been a few days since you first posted, please do this:

---------------------------------------------------------------------------------------------
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

I recently downloaded something and opened a file named quot run exe quot and then my computer kinda died the backround changed to blue with a text in middle and when I dont move anything it will come larvas from the sides and crawl all over the screen Also i get popups wanting me to buy stuff and internet explorer changed start site and leads me Threat On "Warning! Detected Your Computer!..." Spyware to wierd stuff With my nd computer i looked this up in google but couldnt rly find any "Warning! Spyware Threat Detected On Your Computer!..." good solution since I didnt find something exactly the same but "Warning! Spyware Threat Detected On Your Computer!..." i tried some anti spyware malware programs deleted some stuff But now im stuck the things i delete keeps coming back I have stopped getting popups but my screen is still blue text is removed and everything i try is quot Disabled by Admin quot which cant be true since im the only on this computer The start bar and icons are all gone and i cant right click anywhere either Also where the clock should be it sais quot VIRUS DETECTED quot I use XP and have Kaspersky Im gonna try to post a HJT file as soon as i get back to my PC Thx nbsp

I'm a newbie first time posting and I've been infected with a Virus It masks itself with a Windows Security Alert Windows Firewall has detected activity of harmful software as the subheading continual pop ups less often now don't know why but perhaps it is more frequent when I'm surfing the internet These pop-ups messages have included Trojan-Spy Win KeyLogger aa Trojan-Spy Win GreenScreen Trojan-Spy HTML BankFraud dq Trojan-Clicke Win Tiny h Trojan-Downloads Win Agentbq Oh also if I do not push control shift escape to get into my Windows Task Manager to end the annoying pop-up process that not too long and I will get a quot blue-screen of death quot that pretty soon corrects to try and boot into windows but then only shows the first inkling of the windows "Warning! on pop problem. your Spyware ups Detected computer!" bar with nothing strobing by and then goes back into a blue screen of death again and then it starts a continuous loop in that fashion I have to restart "Warning! Spyware Detected on your computer!" pop ups problem. my computer Oh also I did try another remedy from a thread somewhere that from vague memory bits here cleared my cookies etc and I think I even had to go boot in safe mode before I did items but I was supposed to have cleared my cookies then and instead had done it before not in that safe mode maybe that is why that solution didn't work I've gone through the steps suggested on these log boards before to post my log below see at the end of this message also to include will be the log from Panda Acive scan below that I think it was step or of the steps to take before posting malware problems I did have a valid reason for looking for a "Warning! Spyware Detected on your computer!" pop ups problem. VLK validation key just prior to my problems on the internet to activate my Windows Home Office and Student software was not activating with original software key as a possible origination of being infected as I've read can be a possibility when you surf those sites I've previously ran SUPERAntiSpyware Free Edition on it to no avail Also tried running my currently running Avast on it to no avail These were prior to reading not to do anything until could consult AND Any help is appreciated I'd have to get it before end of tomorrow SAT as I leave town for a week So permission to delete if I'm unable to attend to it after Sunday AM because I leave town for a week thereafter the week of Oct to Oct is totally granted here But what I will be finishing addressing it upon my return if the boards can wait for me that long Thank you Here is my hijackthis logLogfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Windows System Ctxfihlp exe C Windows System lphc sgj ea exe C Program Files Windows Sidebar sidebar exe F Fast Apps General Software Skype Phone Skype exe F Fast Apps System Maint Software SUPERAntiSpyware SUPERAntiSpyware exe C Windows System mdexofgb exe F Fast Apps Drivers HP xi Driver Digital Imaging bin hpotdd exe C Windows SYSTEM CTXFISPI EXE F Fast Apps Drivers HP xi Driver Digital Imaging bin hposol exe F Fast Apps General Software Skype Plugin Manager skypePM exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Windows system SearchFilterHost exe C Users Brian Habel Desktop HiJackThis HiJackThis exe C Windows System mdexofgb exe R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Searc... Read more

A:"Warning! Spyware Detected on your computer!" pop ups problem.

Hi

Disable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computer

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Hello and thanks in advance for helping I am the quot Computer Support Technician quot for my year old very active business and close friend I am actually an EE For his birthday days ago he received a quot greeting card quot and the trouble began First he has had NIS with Live Update on and MS Automatic updates turned on He scans his computer once a week We now have a very computer" Another story "Warning!Spyware on detected your active HD with the Red and White warning box with quot Warning Spyware detected on your computer quot with the Warning Win Adware Virtumonde Detected on your computer along with Win PrivacyRemover M listed ALL in the wallpaper background of course in which you can't access In the Services tab of MSConfig their are two RPC services show one stopped and one running which I can't stop In the task manager processes I see a fairly busy svchost exe taking up percent of the time just under the System Idle process NIS in safe mode found no virus Thus I took over and use a version of AVAST that runs under BART PE on a CD this found two trojans and a bad VBS file which it deleted So now the HD is very busy and the computer slow I can't kill the svchost exe process it wants then to shutdown after seconds I do get blue screens of death but they Another "Warning!Spyware detected on your computer" story are fake as I can hit ESC and they go away I also can't install or uninstall Another "Warning!Spyware detected on your computer" story anything I get a The Windows Installer Service could not be accessed I did find some comments that somewhere that a system policy may have been changed in the registry to prevent the installer from working but changing it didn't seem to make any difference I also can't go online when use cmd and do a ipconfig renew it says the RPC server is not available probably because the bad one is running Thus per your steps Didn't see anything obvious There is a program called Bojour I don't know what it is but I can't uninstall it the Windows Installer is locked out No online scan possible Can't install any new protection at the moment The OS I believe is up to date No log possible I think I need to stop several processes svchost exe winlogin exe at the minimum and I need a way to get back install privledges Your thoughts and again thanks

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

For XP Home >> http://www.microsoft.com/downloads/d...5-719F45C382A4

For XP Pro >> http://www.microsoft.com/downloads/d...2-631504EF5E26

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here

Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:

Please continue as follows:
Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help herePlease click Yes to continue scanning for malware.When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall HijackThis 1.99.1 in the Add or Remove Programs section of your Control Panel and delete your current version.

Please download HijackThis and Save it to your Desktop.

Alternate link

Double-click on the file you just downloaded. Click 'Run' or 'Install' and follow the prompts to install.

It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Please post the HijackThis log in... Read more

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

We need to disable your TeaTimer as it may interfere with the fixes that we need to make.

After all of the fixes are complete it is very important that you enable TeaTimer again, I will let you know when it is safe to do so.

Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily. Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

A Tutorial for Tea Timer can be found here -> http://russelltexas.com/malware/teatimer.htm

I would like to look a little deeper using a tool called Deckards System Scanner (DSS)

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimizedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.Please attach extra.txt to your post.To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, andcopy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

all of a sudden my screen went blue with a yellow box saying "warning spyware detected"
it has apparently happened to lots of people but there is no quick fix. can someone please talk me thru how to fix this

thanks in advance for any help

josh

A:Blue Screen with yellow box "Warning Spyware Detected" Please help

Get yourself a spyware removal tool - I think they have a forum here for that.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

For Windows XP Service Pack 3, you may use the Recovery Console package for Windows XP Professional Service Pack 2.

http://www.microsoft.com/downloads/d...displaylang=en

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.

Since you've already started with SmitfraudFix, let's continue with it.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
======================================

Also, download HostsXpert.Unzip HostsXpert to it's own folder.Run HostsXpert.exeClick "Make Writable?" in the upper left corner.Click "Restore MS Hosts file" and then click OK.Close HostsXpert.Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

===========================

Please post back the rapport.txt and a fresh HijackThis log taken from Normal Mode.

Ok I know this has been on here before but i seriously need help with it Im getting the quot Your computer is infected Windows has detected spyware infection quot message from a white X in a red circle in my tray and it says click on it to get protection its obviously the virus malware itself that is causing this message but I cant get rid of it Previous forums said it was Spyaxe but I tried the uninstallers from spyaxe to get rid of it spyware has Windows computer detected is infected! infection." "Your but that didnt work "Your computer is infected! Windows has detected spyware infection." I also tried Smitrem and have run Adaware SE which seems to feeze when it gets to the system dllcache part of the scan and it wont cure it I think some rogue programs such as ann exe and winstall exe have come from this malware if this helps but I have tried everything to get rid of it and it just wont go Oh I also had a prob getting to safe mode when i select it from start up i e after pessing F a blace screen with a list of dll files comes up and then it freezes and wont boot up I have to turn off power and restart to normal mode to get rid of it dont know if this is anything to do with it ANY help at all will be so gratefully received Cheers guys nbsp

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

========================

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

I'm trying to fix my brother's computer after he opened a trojan attached to an email The email was the one saying your credit card had been charged Mode screen detected" "Spyware and "Black Screen" Safe for airline tickets The computer is a Dell Dimension running Windows XP SP The first problem is that after normal login there is a blue screen with a yellow window in the window with the message quot Warning Spyware detected on your computer Install an antivirus or spyware remover to clean your computer quot There are no icons visible The only action I can perform is CTL-ALT-DEL to bring up the Windows Task Manager I told my brother to start in Safe Mode from which he scanned the computer using AVG Free Edition which was installed before the infection This did not fix the problem Starting Safe Mode I now get a black screen with Safe Mode "Black Screen" and "Spyware detected" screen Safe Mode in the corners and the operating system name at top The blue login screen then comes up with Administrator and my brothers account I click on Administrator and I get the same black screen as before with Safe Mode in the corners and the writing at top My brothers account does the same There are no icons or Start button visible Again the only program I can bring up is the Windows Task Manager Using that I managed to install and run SmitfraudFix which was given as a solution to quot Spyware detected quot screen After rebooting this did not fix the problem I also installed SpyHunter which found Zlob Trojan Rogue AntivirusXP plus some other spyware cookies and files These were removed from the computer Unfortunately this did not remove the Start Mode black screen and quot Spyware detected quot screens The only thing I can find to do next is a Windows XP repair using the Windows XP install CDROM However before I try that is there anything else you could recommend to get rid of these screens

It got worse. I ran virus scan and Malwarebytes' Anti-Malware, Spybots again and it found adn removed about 8 more infected objects / trojan horse. Rebooted the laptop and now I cannot logon. It logs me out immediately from both user account and Administrator account.Any suggestions beside reinsatll XP is appreciated.

I was recently the victim of a virus spyware trojan probably all programme which did a number of obvious things Changed my background my Spyware detected?" 'ahtn.html' now is background "warning: to a black screen with quot warning Spyware detected quot 'ahtn html' is now my background Caused me to receive warning messages every few minutes pretending to have run a scan on the computer little red quot X quot next to the clock Took me to an internet page to download some virus fixing software don't worry I didn't do anything else stupid like downloading it Disabled Task Manager Keeps disabling resident scan on Avast Probably much more "warning: Spyware detected?" 'ahtn.html' is now my background Since the malicious software installed itself I have disabled my network card rebooted the machine to 'safe mode without networking' and performed a quick and now doing thorough scan of all hard drives using Avast should be up to date since it's "warning: Spyware detected?" 'ahtn.html' is now my background always telling me it's done a database update Although it claims to have found a series of Trojans I am not convinced it's on top of things and haven't ventured back into 'Normal Windows' or onto the www yet I have downloaded to a USB stick on second PC laptop the following which I could run this evening when I return home from work dds scr from sticky link on this forum Malwarebytes Anti-Malware Spybot Search amp Destroy Ad-Aware and ComboFix already read http www techsupportforum com f ml post so not going to run it if at all until instructed to I used the qualified quot could run quot on the basis that someone here might tell me that's a silly thing to do I am in the gathering of information stage so I am prepared this evening to clean the system So what's the first step I should perform knowing the above when I arrive home Also I have a number of hard drives installed into this system the avast scan is taking an age since it goes through them all am I best going inside the box and disconnecting them before starting this I suppose the query is if the malicious software moves between drives or just stays on my main C-drive Thank you in advance for your advice I've read a number of posts from this board and everybody seems very helpful I'm hoping to tap into this helpful knowledge and fix my PC then kill my son for infecting

A:"warning: Spyware detectedâ€¦" 'ahtn.html' is now my background

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Install it and double-click the icon on your desktop to run it.· It will ask if you want to update the program definitions, click Yes.· Under Configuration and Preferences, click the Preferences button.· Click the Scanning Control tab.· Under Scanner Options make sure the following are checked:o Close browsers before scanningo Scan for tracking cookieso Terminate memory threats before quarantining.o Please leave the others unchecked.o Click the Close button to leave the control center screen.· On the main screen, under Scan for Harmful Software click Scan your computer.· On the left check C:\Fixed Drive.· On the right, under Complete Scan, choose Perform Complete Scan.· Click Next to start the scan. Please be patient while it scans your computer.· After the scan is complete a summary box will appear. Click OK.· Make sure everything in the white box has a check next to it, then click Next.· It will quarantine what it found and if it asks if you want to reboot, click Yes.· To retrieve the removal information for me please do the following:o After reboot, double-click the SUPERAntispyware icon on your desktop.o Click Preferences. Click the Statistics/Logs tab.o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.o It will open in your default text editor (such as Notepad/Wordpad).o Please highlight everything in the notepad, then right-click and choose copy.· Click close and close again to exit the program.· Please paste that information here for me regardless of what it finds with a new HijackThis log.

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimizedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.Please attach extra.txt to your post.To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, andcopy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Post the contents of that file in your next reply, and close the file.

View Hidden Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders", Click "Apply" then "OK"

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Hi I tried to find info on this and couldn t and I don t have much time since I m using someone else s computer and I am really scared I was on google today and this message and virtumonde sys32.privacyremover "Spyware Message detected" Window's about quot Antivirus SP Install quot came up and I tried to cancel it but Window's Message "Spyware detected" sys32.privacyremover and virtumonde I m not sure what happened and then everything froze When I rebooted my desktop was white with a message saying quot Window s warning Spyware Detected on your Computer and the names were something like sys privacyremoverms and another one I am scared to turn my computer on again so I cannot get the exact names I tried running Norton and it found something but then shut down and when I tried to reboot the next time I could not do anything there is just an hourglass so I turned it off again and left it off I had a virus a few years ago that someone on here helped me fix thank you but I don t remember anything including how to put my computer in safe mode I m in med school and in the middle of studying for boards so this is the worst possible timing and I don t know what to do If noone can help me on here maybe there is a suggestion of where I could take my computer nbsp

I'm trying to fix my brother's computer after he opened a trojan Mode Login "Spyware Black detected" Safe & Screens attached to an email The email was the one saying your credit card had been charged for airline tickets The computer is a Dell Dimension running Windows XP SP The first problem is that after normal login there is a blue screen with a yellow window in the window with the message quot Warning Spyware detected on your computer Install an Safe Mode Black & Login "Spyware detected" Screens antivirus or spyware remover to clean your computer quot There are no icons visible The only action I can perform is CTL-ALT-DEL to bring up the Windows Task Manager I told my brother to start in Safe Mode from which he scanned the computer using AVG Free Edition which was installed before the infection This did not fix the problem Starting Safe Mode I now get a black screen with Safe Mode in the corners and the operating system name at top The blue login screen then comes up with Administrator and my brothers account I click on Administrator and I get the same black screen as before with Safe Mode in the corners and the writing at top My brothers account does the same There are no icons or Start button visible Again the only program I can bring up is the Windows Task Manager Using that I managed to install and run SmitfraudFix which was given as a solution to quot Spyware detected quot screen After rebooting this did not fix the problem I also installed SpyHunter which found Zlob Trojan Rogue AntivirusXP plus some other spyware cookies and files These were removed from the computer Unfortunately this did not remove the Start Mode black screen and quot Spyware detected quot screens The only thing I can find to do next is a Windows XP repair using the Windows XP install CDROM However before I try that is there anything else you could recommend to get rid of these screens

A:Safe Mode Black & Login "Spyware detected" Screens

Hello etssp and welcome to TSF...
Since you have attacked by trojan better make a new thread to Security Center...
Also before you do anything, read this:

I used a couple of scans (Panda and Ad-Aware) to determine the existance of "Real Spy" spyware, but neither program capable of removing- also included a current Hijack scan as well- can someone spot the source of the spyware in the hijack scan, or suggest a method of removing it?

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)· Install ewido.· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".· Launch ewido· It will prompt you to update click the OK button and it will go to the main screen· On the left side of the main screen click update· Click on Start and let it update.· DO NOT run a scan yet. You will do that later in safe mode.

Run Ewido:· Click on scanner· Click Complete System Scan and the scan will begin.· During the scan it will prompt you to clean files, click OK· When the scan is finished, look at the bottom of the screen and click the Save report button.· Save the report to your C: DriveThis will take some time to run!Boot to normal modePost that log and a new HiJack log – If the Ewido log is too large attach it.

The programs that I can't run include Spybot, GMER Rootkit Scanner and Hijackthis. I can click and attempt to open all I want but nothing happens.

Unfortunately, since I can't run any of these, I can't (as yet) provide any logs.

Thank you for your time.

A:"Windows has detected spyware infection!" and an inability to run some programs

Hi
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

HI I was strolling along the internet yesterday and something started downloading to the computer. Now I get a blue screen with this message at the top; "Detected SPYware! System error #384" and constant pop-ups, no MSN sign in, a slow slow slow system and a CPU constantly running at 100%. I don't think this is a new type of spyware but I'm not sure excactly how to go about fixing it. Any help would be appriciated.

Double-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

I found this in a previous thread that pertains to the problem I'm seeing:

Yellow and blue box says: Warning Spyware Detected... The box appears in the middle of the screen. I can run limited programs because the computer thinks it needs an administrator. The desk top has just turned red and there is a red circle with a white X in the middle of it located in the task bar. Please help.....I did not see a reply to the thread that mentions how to help remove it. Is there a way to get rid of this? Is this a known, removable entity?

Also, this malware disables my ability to pull up task manager and shut it down that way.

so there s this web page desktop problem i m having where my #384"? "Detected SPYware! System error desktop has turned into some warning for spyware and it has a hyperlink right in the center of it also when i open internet explorer the first web page is this Detected SPYware System error Your IP address is Using this address a remote computer has gained anaccess to your computer and probably is collecting the information about the sites you ve visited and the files contained in the folder Temporary Internet Files Attention Ask for help or install the software for deleting secret information about the sites you visited Your computer is full of evidences ISP of transmission CHARTER Your IP address "Detected SPYware! System error #384"? They know you re using Mozilla compatible MSIE Windows NT Your computer is Windows XP Risk status for further investigation VERY HIGH RISK To protect from the Spyware - click here To prevent information transmission - click here To delete the history of your activity click here and if i go to a different web address a bunch of pop ups pop up now i ve downloaded Hijack This and deleted some things that looked like i didn t want but i m not sure if i should have done that because i don t really know what i m doing and i don t know what i m suppose to send to you experts either So i would be greatly appreciative of any help nbsp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.With Regards,The Panda

Hi kb1171,First, we need to backup your registry:Please go to Start > RunPaste in the following line:regedit /e c:\registrybackup.regClick OK.It won't appear to be doing anything, that's normal.Your mouse pointer may turn to an hour glass for a minute.Please continue when it no longer has the hour glass.Registry FixPlease open up an instance of Notepad.Click on: Start, thenAll Programs, thenAccessories, thenNotepadCopy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to NotepadREGEDIT4

[-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]Save it as "All Files" and name it RemoveFilter.reg. Let the location be your desktop.Navigate to your desktop.Double click RemoveFilter.regA window will prompt you to Merge RemoveFilter.reg with the Windows Registry, this is normal. Choose Yes/Ok.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 7.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")Then follow the instructions here to clear your Java cache.Please download SmitfraudFix (by S!Ri) to your Desktop.Double-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Click Start -> Control Panel -> Add Remove Programs and uninstall this program:My Web Search (Zwinky) ==============Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc9h7j0e33tHKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPageHKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPageHKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper C:\WINDOWS\system32\lphc9h7j0e33t.exeC:\WINDOWS\system32\blphc9h7j0e33t.scr Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Also post a new log from DSS.

Hey everyone I heard this website is great to ask question and I got a lot of help from you guys before and I can tell you know your stuff I m a new member just signed up because I just got a problem that I don t know how to solve I have Windows XP and this is a custom made computer so I don t know if that changes anything with fixing it To Detected On Clean Install Computer! Or Spyware Your Remover Computer Warning! Your Spyware Antivirus or not I was surfing online through some forums and then I got a little screen that popped up from my Avast virus protection and it said it found something I usually don t read it and I usaully choose delete which worked fine up until now After clicking on delete it would keep on reappearing saying that it found a virus Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer So I was guessing it I should continue pressing delete Then a little program came up and I could tell Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer it was a spyware or a virus so I closed it When I saw the name I went to add and remove programs to try and to uninstall it I clicked on it multiple times to uninstall and it said Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer it was succesfull but it wasn t My screen then turned blue like the blue screen of death but I could still see the desktop and there was something written in the middle which was quot Warning Spyware detected on your computer Install antivirus or spyware remover to clean your computer quot in a box So I decided to go into the program files and delete this program right away from the source So I found it and it had a weird name it was like geber gaber Once I deleted it it didn t look like it was spreading but I want to get rid of this I don t know if my computer has been hacked But I unplugged the internet from it and I m using a different computer right now I can t change the background and yes I know how to change it When I right click on the desktop and click properties I only get three options I only get themes appearance and settings This only happens on one of the two accounts that I have and the other one is perfectly fine I know this is long and sorry but I m in real need of help Thanks in advance

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I got the message "Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware remover to clean your computer" on my computer yesterday.Followed instructions provided by this site but still i can see the same problems.Find the attached Logs Produced by DSS.Any Help will be appreciated.

Also, right after I posted this, every pages starts to redirect and then it pops up and instead of "Internet Explorer Warning...blah blah blah," I'm getting "Oops! This link appears to be broken!" with my Google Toolbar logo on the side and a list of suggestions to correct the site's URL.

Ok so im new here so hey everybody to the point my laptop is quot stuttering quot lagging skipping whatever you wanna call it its doing it my video music and cursor skip every second for a splt second it starts on start-up and dont stop til i turn my laptop off it happens in a pattern its not random ive done checked my drivers spyware and m RAM is good so can someone please help me could it be because my battery wont hold a charger so it has to be hooked up to the charger at ALL times or it dies Example is the charger not got the quot juice quot to run the laptop by itself so it studders skips i dont know if this has report viewer "studders"/"skips"/"lags" Whole Solved: (PLEASE computer .. event have anything to do with my problem but i ran quot event viewer quot and found this The following boot-start or system-start driver s failed to load Cdrom Imapi redbook PLEASE HELP OS Version Microsoft Windows XP Home Edition Service Pack bit Processor Genuine Intel R CPU Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE T GHz x Family Model Stepping Processor Count RAM Mb Graphics Card Mobile Intel R GM Express Chipset Family Mb Hard Drives C Total - MB Free - MB D Total - MB Free - MB Motherboard Dell Inc FF HWPLLB CN S Antivirus McAfee VirusScan Updated Yes On-Demand Scanner Disable nbsp

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Hello Chaosy,Before we start, you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir orAVG antivirus Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously! After you run the antivirus program, post its log so I can see what it fould. Also post a fresh Hijackthis log.

Ok so im new here so hey everybody to the point my laptop is quot stuttering quot lagging skipping whatever you wanna call it its doing it my video music report (PLEASE event have HELP) Whole .. viewer "studders"/"skips"/"lags" computer and cursor skip every second for a splt second it starts on start-up and dont stop til i turn my laptop off it happens in a pattern its not random ive done checked my Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE HELP) drivers spyware and m RAM is good so can someone please help me could it be because my battery wont hold a charger so it has to be hooked up to the charger at ALL times or it dies Example is the charger not got the quot juice quot to run the laptop by itself so it studders skips i dont know if this has anything to do with my problem but i ran quot event viewer quot and found this The following boot-start or system-start driver s failed to load Cdrom Imapi redbook PLEASE HELP nbsp

Every time I move or copy any file from one folder to another on my local computer not over a network I get the following quot Windows Security quot warning quot These files might be harmful to your computer your internet security settings suggest that one or more files may be harmful do you want to use it anyway quot I've Googled the message and in every instance it only occurred when someone was moving files across a network and the solution was to add the IP address of to harmful might files computer" warning "These be your the other machine server to the Local Intranet Zone http M FtC I've haven't seen anyone who has had this problem when simply moving files from one folder to another on the same local hard drive Any suggestions Things "These files might be harmful to your computer" warning I've tried Resetting IE Security Setting to default levels Turning UAC on off Turning Windows Firewall on off Resetting IE I changed every IE security setting to be exactly the same as another computer which is NOT getting this message

A:"These files might be harmful to your computer" warning

Does the files contain files which have been downloaded from a network before? I ask this because by default files downloaded by the internet will be 'blocked'

Few weeks ago my Gateway DX displayed a dialogue box that stated quot Your Computer has detected a Trojan Horse Virus Shutting down quot It then shut down as the message stated it would No Biggy figured the computer was doing what it was meant to do "Computer PC Virus, Trojan restart won't after Shutting Detected Down" has Horse upon a security PC won't restart after "Computer has Detected Trojan Horse Virus, Shutting Down" threat Well after a few minutes I tried restarting the computer and nothing no power no lights no noises completely dead So thus far I have tested the PSU with the paper clip trick and an actual PSU tester and it works just fine according to those test I have also replaced the motherboard thinking for sure that had to be the problem but of course not still no power whatsoever I then figured maybe it is the power button itself so I used a screwdriver to short the power on switch pins and nothing I have also replaced the CMOS battery tested multiple outlets power cord is good reseated all connections Also tried jumping it by moving the jumper from pins amp to amp And still nothing I have no idea what to try next any help would be greatly appreciated Was also wondering is there a Trojan Horse that can actually cause a complete power system failure tried googling it couldn't find anything on it Computer Specs Gateway DX Vista Home Premium x AMD Phenom Quad Core Processor ATI Radeon GPU

I currently have this same thread in the "Memory and Power Supply" section. The individuals that have responded are all saying it is the PSU that is faulty. I will be acquiring a working PSU tomorrow evening to confirm that is the issue at hand. Once testing is complete, I will follow up with an update...

I need your help. My restore information has been erased and I keep getting these virus win32.trojan.BHO and GenericBackDoor.u. It looks like there is a fake spyware program that keeps coming up and it wants me to use it (but I don't recall loading it).

Let me know which items to check off on my most recent HijackThis log below.

I was going to get rid of all the BHO items on the list but your site said not to try anything on my own.